FANDOM


m0n0wall uses a stripped-down version of FreeBSD. It doesn't have an SSH server that you can connect to because it is... well... stripped down.

In other words, stripped-down FreeBSD doesn't have SSH because it's stripped down.

To solve that problem, I made a m0n0wall pseudo-shell for the lulz.


<?php
/**
 * Crappy m0n0wall pseudo-shell
 * Copyright (c) 2009 by Simon Cornelius P. Umacob rot13<fvzbapch@tznvy.pbz>
 * All rights reserved.
 *
 * Dumped to the whole world under the Simplified BSD License <http://www.opensource.org/licenses/bsd-license.php>.
 */

$host           = '192.168.1.1';
$username       = 'admin';
$password       = 'mono';

$fp             = fopen('php://stdin', 'r');
$command        = '';
$dir            = 'cd /; ';

/**
 * From http://pleac.sourceforge.net/pleac_php/processmanagementetc.html
 */
function ob_pager($output, $mode) {
        static $pipe;

        if ($mode & PHP_OUTPUT_HANDLER_START) {
                $pager = getenv('PAGER');
                if (!$pager) {                       
                        $pager = '/usr/bin/less';  // TODO: might not exist; in that case, use /usr/bin/more
                }
                $pipe = popen($pager, 'w');
        }
        fwrite($pipe, $output);
        if ($mode & PHP_OUTPUT_HANDLER_END) {
                pclose($pipe);
        }
}

do {
        echo "m0n0wall> ";
        $command = trim(fgets($fp));

        if (preg_match('/^cd .+$/', $command)) {
                if ($command == 'cd /') {
                        $dir = 'cd /; ';
                } else {
                        if (strlen($dir > 512)) {
                                $dir = 'cd /; '; // TODO: chdir to current directory.
                                echo "WARNING: Current directory has been changed to /.  Patches to this script are welcome.\n";
                        }

                        $dir .= "$command; ";
                        $command = '';
                }
        }

        $str =<<<EOD
        /usr/local/bin/curl -so - -d 'txtCommand=$dir $command' http://$username:$password@$host/exec.php |
        /usr/bin/sed -n -e '/<pre>/,/<\/pre>/p' | /usr/bin/sed '1,2d;\$d'
EOD;
        ob_start('ob_pager');
        echo html_entity_decode(shell_exec($str));
        ob_end_flush();
} while ($command != 'exit');
?>